diff options
author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 20:05:37 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 04:26:31 +0300 |
commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /meta-security/recipes-security/bastille/files/Miscellaneous.pm | |
parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
download | openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.xz |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-security/recipes-security/bastille/files/Miscellaneous.pm')
-rw-r--r-- | meta-security/recipes-security/bastille/files/Miscellaneous.pm | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/meta-security/recipes-security/bastille/files/Miscellaneous.pm b/meta-security/recipes-security/bastille/files/Miscellaneous.pm new file mode 100644 index 0000000000..b3bdf10cde --- /dev/null +++ b/meta-security/recipes-security/bastille/files/Miscellaneous.pm @@ -0,0 +1,166 @@ +package Bastille::API::Miscellaneous; +use strict; + +use File::Path; +use Bastille::API; +use Bastille::API::HPSpecific; +use Bastille::API::FileContent; + +require Exporter; +our @ISA = qw(Exporter); +our @EXPORT_OK = qw( +PrepareToRun +B_is_package_installed +); +our @EXPORT = @EXPORT_OK; + + +########################################################################### +# +# PrepareToRun sets up Bastille to run. It checks the ARGV array for +# special options and runs ConfigureForDistro to set necessary file +# locations and other global variables. +# +########################################################################### + +sub PrepareToRun { + + # Make sure we're root! + if ( $> != 0 ) { + &B_log("ERROR","Bastille must run as root!\n"); + exit(1); + } + + + # Make any directories that don't exist... + foreach my $dir (keys %GLOBAL_BDIR) { + my $BdirPath = $GLOBAL_BDIR{$dir}; + if ( $BdirPath =~ /^\s*\// ) { #Don't make relative directories + mkpath ($BdirPath,0,0700); + } + } + + if(&GetDistro =~ "^HP-UX") { + &B_check_system; + } + + &B_log("ACTION","\n########################################################\n" . + "# Begin Bastille Run #\n" . + "########################################################\n\n"); + + #read sum file if it exists. + &B_read_sums; + + +# No longer necessary as flags are no longer in sum file, and sums are +# are now checked "real time" + + # check the integrity of the files listed +# for my $file (sort keys %GLOBAL_SUM) { +# &B_check_sum($file); +# } + # write out the newly flagged sums +# &B_write_sums; + + +} + + + +########################################################################### +# &B_is_package_installed($package); +# +# This function checks for the existence of the package named. +# +# TODO: Allow $package to be an expression. +# TODO: Allow optional $version, $release, $epoch arguments so we can +# make sure that the given package is at least as recent as some +# given version number. +# +# scalar return values: +# 0: $package is not installed +# 1: $package is installed +########################################################################### + +sub B_is_package_installed($) { + no strict; + my $package = $_[0]; +# Create a "global" variable with values scoped to this function +# We do this to avoid having to repeatedly swlist/rpm +# when we run B_is_package_installed +local %INSTALLED_PACKAGE_LIST; + + my $distro = &GetDistro; + if ($distro =~ /^HP-UX/) { + if (&checkProcsForService('swagent','ignore_warning') == SECURE_CANT_CHANGE()) { + &B_log("WARNING","Software Distributor Agent(swagent) is not running. Can not tell ". + "if package: $package is installed or not. Bastille will assume not. ". + "If the package is actually installed, Bastille may report or configure incorrectly.". + "To use Bastille-results as-is, please check to ensure $package is not installed, ". + "or re-run with the swagent running to get correct results."); + return 0; #FALSE + } + my $swlist=&getGlobal('BIN','swlist'); + if (%INSTALLED_PACKAGE_LIST == () ) { # re-use prior results + if (open(SWLIST, "$swlist -a state -l fileset |")) { + while (my $line = <SWLIST>){ + if ($line =~ /^ {2}\S+\.(\S+)\s*(\w+)/) { + $INSTALLED_PACKAGE_LIST{$1} = $2; + } + } + close SWLIST; + } else { + &B_log("ERROR","B_is_package_installed was unable to run the swlist command: $swlist,\n"); + return FALSE; + } + } + # Now find the entry + if ($INSTALLED_PACKAGE_LIST{$package} == 'configured') { + return TRUE; + } else { + return FALSE; + } + } #End HP-UX Section + # This routine only works on RPM-based distros: Red Hat, Fedora, Mandrake and SuSE + elsif ( ($distro !~ /^RH/) and ($distro !~ /^MN/) and($distro !~ /^SE/) ) { + return 0; + } else { #This is a RPM-based distro + # Run an rpm command -- librpm is extremely messy, dynamic and not + # so much a perl thing. It's actually barely a C/C++ thing... + if (open RPM,"rpm -q $package") { + # We should get only one line back, but let's parse a few + # just in case. + my @lines = <RPM>; + close RPM; + # + # This is what we're trying to parse: + # $ rpm -q jay + # package jay is not installed + # $ rpm -q bash + # bash-2.05b-305.1 + # + + foreach $line (@lines) { + if ($line =~ /^package\s$package\sis\snot\sinstalled/) { + return 0; + } + elsif ($line =~ /^$package\-/) { + return 1; + } + } + + # If we've read every line without finding one of these, then + # our parsing is broken + &B_log("ERROR","B_is_package_installed was unable to find a definitive RPM present or not present line.\n"); + return 0; + } else { + &B_log("ERROR","B_is_package_installed was unable to run the RPM command,\n"); + return 0; + } + } +} + + + +1; + |